0

I've been using CLASP for the development of Google App Script. Clasp login command is no longer working after Clasp logout.

Steps

  • Execute Clasp login in VS Code Terminal. It redirects to the Google OAuth page.
  • Entered credentials and accepted the required permissions for Clasp in the browser
  • After successful authentication, it redirects to some localhost:port and then it gets stuck with this error

enter image description here

I've also tried using clasp login --no-localhost, but it gave different error:

enter image description here

Jayakrishnan
  • 4,232
  • 2
  • 23
  • 35

1 Answers1

1

The problem is that your browser is forcing https:// on your localhost. The way clasp login works is that it creates a temporary local server to receive the authorization code from Google in the OAuth flow. This server won't have an SSL certificate so forcing an https connection will return that error. Your potential solutions are:

  • Try to just change the start of the URL from https:// to http://, though if it's not working already it probably means that something is forcing it.
  • Create your own localhost cert. Though this is probably overkill, especially if you want it only to install Clasp.
  • Temporarily disable any browser extensions or settings that force SSL. Or try a different browser.
  • You seem to be on Edge, you can go to edge://net-internals/#hsts (or chrome://net-internals/#hsts on Chrome) then add localhost under "Delete domain security policies" and click "Delete".
  • If this is a corporate device check for any antivirus or policies that would force SSL everywhere and see if you can add localhost as an exception.
  • If you're completely restricted, you can authorize on another computer that doesn't force SSL on you and just copy the .clasprc.json file from the other %USERPROFILE% folder to your current one. The credentials will be associated with the Google account that you used to sign in.

As for why the -no--localhost flag doesn't work, this is because the Out-Of-Band flow has been deprecated. You can see this in the full description of the error:

enter image description here

This means that the "enter a code" flow is no longer supported and Google has blocked it. It's up to the devs to update the Clasp app to remove the flow or to implement a workaround. You can try to report it in their Github page. As far as I can tell there's not much that can be done about this setting and you most likely will need to go with the localhost method.

Daniel
  • 3,157
  • 2
  • 7
  • 15
  • 1
    Performing "edge://net-internals/#hsts (or chrome://net-internals/#hsts on Chrome) then add localhost under "Delete domain security policies" and click "Delete"." step helped me solve the problem. There's an open ticket "https://github.com/google/clasp/issues/953" for -no--localhost issue – Jayakrishnan Feb 07 '23 at 08:57
  • When using cloud SaaS such as [gitpod](https://www.gitpod.io), the disablement of out of band (OOB) OAuth also causes problems. The workaround here is to use `clasp login` and copy the URL in the `localhost` page that fails at the end. Start a new bash terminal on the cloud service and then run `curl ''` – Paul Mar 12 '23 at 17:11